Hello everyone,
I am Pablo Sabbatella, also known as pablito.eth. I am a web3 operational security researcher, member of SEAL (Security Alliance) and I am applying for the security council as founder of Opsek. I also created “Blockchain Security series” podcast.
I started with cybersecurity back in 1999, when I founded Hackemate and have been involved in technology since then. I am part of the Optimism Security Council and the Polygon Protocol Council.
Motivation to sign up
I am fully committed to improving the security of the ecosystem. I am totally convinced that security is the biggest issue the industry is facing right now, stopping it from achieving mass adoption. If we continue on this path, with DPRK being funded by large hacks like Bybit, we are gonna be a total failure.
I know for sure that my knowledge and experience will be valuable in order to enhance the security of Arbitrum’s Security Council, infrastructure, team and community.
I am fully doxxed and dedicate lots of resources to talk about the importance of Security in the Web3 ecosystem from my Twitter account with more than 80K followers and with a free Blockchain security course you can check at at Defy Education.
Security work:
I founded Opsek, where we do operational security audits and training for Web3 organizations (DeFi, CEXs, L1s, L2s, VCs, service providers and HNWI). The reason behind my work and founding Opsek is very simple: 99% of funds being lost are due to operational security issues (Private key leakage, malware, exploits, social engineering, phishing, account takeovers, domain hijacking, etc) and not due to smart contract hacks anymore.
My expertise is understanding an organization, defining and protecting its attack surface: what does the organization do? Who is the team? What are the tools and tack that they use? What does the day to day operation look like? What are the most valuable assets it’s protecting? Which are the biggest risks? We also train the teams on physical security.
Part of our auditing process includes multisigs: how were they created? Who are the signers? What’s the appropriate threshold? How are private keys generated? How are seeds handled? Are they backed up or deleted? How do you travel with your hardware wallet? Have signers developed a threat model? Hardware wallet diversity, frontend diversity, transactions verification and simulation, definition of procedures and policies, etc.
I have already audited many firms (many of them we do not make public). Some of them: Optimism, Sky (ex MakerDao), Centrifuge, Contango, Midas, Aligned Layer, and many more.
I have participated in many war rooms and helped many people and companies save funds during attacks (and still do this daily).
Some of my presentations:
- Professionals hack people, not systems @ DeFi Security Summit (Bangkok - 11/2024)
https://www.youtube.com/watch?v=1ZQIDkEfY5w
- OpSec for the Dark Forest (or how to avoid getting rekt) @ Devcon 7 (Bangkok - 11/2024)
https://archive.devcon.org/devcon-7/opsec-for-the-dark-forest-or-how-to-avoid-getting-rekt/
- Operational security in Web3: a review of major OpSec incidents @ DSS Webinars (Online - 04/2025)
https://www.youtube.com/watch?v=GuQXUyMDd_s
- Physical and Operational Security 101 @ Ethereum Community Conference 8 (Cannes - 07/2025)
https://ethcc.io/agenda/physical-and-operational-security-101
- How to securely configure and use Telegram & Twitter @ Ethereum Community Conference 7 (Brussels - 07/2024)
https://ethcc.io/archives/how-to-securely-configure-and-use-telegram-and-twitter
Projects I created but where I am not involved anymore:
-
I co-founded Ethereum Argentina.
-
I created the first “Blockchain and DeFi" subject in an Argentinian University and served as teacher for two years.
-
I founded Defy Education.
Disclosure: I am an active signer in the Optimism Security Council and the Polygon Protocol Council. Both of them do not have conflicts of interest.
Links:
-
Website: https://pablosabbatella.com
-
Opsek: https://opsek.io
-
Security Alliance (SEAL): https://www.securityalliance.org/members/user_NOdX506vRbyrYH2U
-
Cybersecurity alerts: https://t.me/+22LpVdgtLXs3ZjNh
-
Blockchain Security Series: https://bss.fm
-
X profile: https://x.com/PabloSabbatella
-
Linkedin: https://www.linkedin.com/in/psabbatella/
Many thanks for reading